[Research] SSH Honeypot (honey.it-securityguard.com)

Dear followers,

I’ve recently set up a honeypot tool called Kippo. Kippo runs a virtual SSH environment and tracks all the SSH brute-force attempts on our server. We started the test on the third of November and got about 4000 brute-force attempts on our server; what is remarkable here is that almost all of the logins came from servers based in China.

Our research showed that almost all the attacking machines run the Windows IIS web server. We are currently not sure whether those machines are zombies (hacked machines with the aim to hack other machines) or if those servers are explicitly designed to attack wide ranges. Until today we’ve collected about 2500 distinct username/password combinations.

The Top 10 list of combinations is below:

 Username, Password
root,admin
admin,passw0rd
admin,password
admin,P@ssw0rd
admin,abc123,
admin,admin
admin,admin
admin,1qaz@WSX
admin,Admin123!@#
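A tally like the list above can be produced from the honeypot's text log. The following is an added example, not code from the original post or from the Kippo project; the `login attempt [user/password]` line layout is an assumption about the log format, and the sample lines are constructed (documentation-range IPs, some credentials taken from the list).

```python
import re
from collections import Counter

# Assumed log line layout; adjust the pattern if your honeypot build logs differently.
LINE_RE = re.compile(
    r"HoneyPotTransport,\d+,(?P<ip>[0-9a-fA-F.:]+)\] "
    r"login attempt \[(?P<user>[^/]*)/(?P<pw>.*)\] (?P<result>succeeded|failed)\s*$"
)

# Constructed sample log, not real attack data.
SAMPLE_LOG = """\
2013-11-03 10:15:01+0000 [SSHService ssh-userauth on HoneyPotTransport,1,192.0.2.10] login attempt [root/admin] failed
2013-11-03 10:15:02+0000 [SSHService ssh-userauth on HoneyPotTransport,1,192.0.2.10] login attempt [admin/passw0rd] failed
2013-11-03 10:15:03+0000 [SSHService ssh-userauth on HoneyPotTransport,2,198.51.100.7] login attempt [admin/admin] failed
2013-11-03 10:15:04+0000 [SSHService ssh-userauth on HoneyPotTransport,3,198.51.100.7] login attempt [admin/admin] failed
2013-11-03 10:15:05+0000 [SSHService ssh-userauth on HoneyPotTransport,4,203.0.113.5] login attempt [admin/admin] failed
2013-11-03 10:15:06+0000 [SSHService ssh-userauth on HoneyPotTransport,5,192.0.2.10] login attempt [admin/1qaz@WSX] failed
2013-11-03 10:15:07+0000 [SSHService ssh-userauth on HoneyPotTransport,4,203.0.113.5] login attempt [admin/a]b/c] failed
2013-11-03 10:15:08+0000 [HoneyPotTransport,4,203.0.113.5] connection lost
2013-11-03 10:15:09+0000 [SSHService ssh-userauth on HoneyPotTransport,6,192.0.2.10] login attempt [root/example-pass] succeeded
"""

def parse_attempts(text):
    """Yield (ip, username, password, succeeded) for each login-attempt line."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:  # non-login lines (connects, disconnects) are skipped
            yield m["ip"], m["user"], m["pw"], m["result"] == "succeeded"

def summarize(text, top_n=10):
    """Count attempts, distinct credential pairs, and the most active sources."""
    attempts = list(parse_attempts(text))
    combos = Counter((user, pw) for _, user, pw, _ in attempts)
    sources = Counter(ip for ip, _, _, _ in attempts)
    return {
        "attempts": len(attempts),
        "distinct_combos": len(combos),
        "top_combos": combos.most_common(top_n),
        "top_sources": sources.most_common(top_n),
        "successes": sum(1 for a in attempts if a[3]),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```

The password group is matched greedily up to the final `] failed` or `] succeeded`, so passwords containing `]` or `/` are kept intact instead of being truncated.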

I collected some charts of the latest attack trends. If you want to find out more, have a look at honey.it-securityguard.com

[Charts: successes per day; connections per country (pie); connections per IP (geo); connections per IP (geo, pie)]

We will keep you up to date with the latest trends of our analysis,

hope you enjoyed!

All the best

Patrik
